Computer forensics involves
the application of investigation and analysis techniques that comply
with a legal system. The U.S. Department of Justice, working in
conjunction with a number of groups including the Technical Working
Group for Electronic Crime Scene Investigation, has created a 93-page
PDF that appears to be accepted internationally [448]. A large percentage of the PDF is resources, which
are handy. It will not take you a great deal of time to read what to
do in the first moments of responding without destroying evidence.

The cyber crime scene is no different
than a physical crime scene in the sense that from a legal standpoint
the protection of evidence is critical [449]. In fact, evidence figures prominently in the three
As of computer forensics, which are:

Acquire the evidence without altering or damaging
the original data (covered in section 5.6.1).

Authenticate that your recorded evidence is the
same as the original seized data (covered in section 5.6.2).

Analyze the data without modifying the recovered
data (covered in section 5.6.3).

As with many computing topics, once
you get started with descriptive models, you can run into a nearly endless
variety of them. To illustrate this point, the International Association
of Computer Investigative Specialists (IACIS), a computer forensics
group made up entirely of law enforcement professionals (who have a
great domain name [450]), puts it a bit differently, with the following
essential requirements for a computer forensic examination.

Forensically sterile examination media must be
used (Acquire, above).

The examination must maintain the integrity of
the original media (Authenticate and Analyze).

Printouts, copies of data and other exhibits
must be properly marked, controlled and transmitted (an addition).
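
The Acquire and Authenticate steps, together with the sterile-media requirement, can be sketched in code. This is an added example, not part of the original guide: comparing SHA-256 digests is an assumed authentication method (the page names none), and the file names, function names and sample data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # 1 MiB reads keep large images out of memory

def sha256_of(path, length):
    """Hash the first `length` bytes of a file opened read-only."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while length > 0:
            block = f.read(min(CHUNK, length))
            if not block:
                break
            h.update(block)
            length -= len(block)
    return h.hexdigest()

def is_sterile(path):
    """True when the target holds only zero bytes (no residue from earlier cases)."""
    with open(path, "rb") as f:
        return all(b.count(0) == len(b) for b in iter(lambda: f.read(CHUNK), b""))

def acquire(source, target):
    """Copy source onto a sterile target; return (SHA-256 of bytes read, byte count)."""
    if not is_sterile(target):
        raise ValueError("target media is not forensically sterile")
    h, n = hashlib.sha256(), 0
    with open(source, "rb") as src, open(target, "r+b") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
            n += len(block)
    return h.hexdigest(), n

def authenticate(digest, size, path):
    """True when the first `size` bytes at `path` still hash to `digest`."""
    return sha256_of(path, size) == digest

def demo():  # runs on constructed data in a temp directory
    with tempfile.TemporaryDirectory() as d:
        seized, media = Path(d, "seized.img"), Path(d, "media.img")
        seized.write_bytes(b"constructed sample evidence\n" * 1000)
        media.write_bytes(b"\x00" * 65536)  # wiped target, larger than the source
        digest, size = acquire(seized, media)
        intact = authenticate(digest, size, media), authenticate(digest, size, seized)
        media.write_bytes(b"X" + media.read_bytes()[1:])  # simulate alteration
        return intact + (authenticate(digest, size, media),)
```

Calling demo() returns one flag each for the copy, the original, and the copy after a single byte has been changed; only the last check fails.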
